1 / 23

Using Certified Policies to Regulate E-Commerce Transactions

Using Certified Policies to Regulate E-Commerce Transactions. Victoria Ungureanu Rutgers University. The Problem. Ensuring that actions of agents involved in e-commerce conform with a-priori established contracts. A contract example:

baldwin
Download Presentation

Using Certified Policies to Regulate E-Commerce Transactions

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Using Certified Policies to Regulate E-Commerce Transactions Victoria Ungureanu Rutgers University

  2. The Problem • Ensuring that actions of agents involved in e-commerce conform with a-priori established contracts. • A contract example: • An airline company, say FlyAway, agrees to sell discounted tickets to a travel company, say TravelRUS, subject to the following provisions: • The purchases are to be made between January 1 2005 and June 30 2005; • The price of each ticket is discounted by 10%; • Only agents duly certified as travel agents may buy tickets at discounted prices.

  3. The Problem (cont.) • An enterprise is bound by a potentially large number of disparate contracts: • Ex: Wall-Mart, Ford, Daimler-Chrysler, GM have in excess of 20,000 suppliers operating under different contracts; • New contracts are continuously being established, and previously established contracts end. • A contract has a limited, predefined validity period.

  4. The Problem (cont.) • Contracts may be annulled for various reasons • For example: the travel agency is bankrupt. • Contracts may be revised • For example: the travel agency establishes a new certifying authority which issues certificates for sale representatives; • Contracts may be stateful: • Examples of stateful contract provisions: • Only a limited number of tickets, say 100, may be purchased at the discounted price. • FlyAway accepts reservations. A PO for a reserved ticket is honored only if made within 24 hours from the reservation.

  5. The Problem (cont.) • Need to support a large set of autonomous, evolving and stateful contracts. • Current access control mechanisms deal mostly with monolithic, relatively stable, stateless policies.

  6. Traditional Approaches • Have a dedicated server for each contract: • Problematic, if the number of contracts is large • Combine all contracts in a super policy: • The super policy is difficult to construct if the number of contracts is large; • The super policy needs to change every time a new contract is established, or a contract ends; • The super policy needs to change when a contract is anulled or revised.

  7. Overview • Motivation • Certificates • Certified policies • The enforcement mechanism • Conclusion

  8. A Necessary Parenthesis: Certificates • Are used to prove certain attributes regarding the owner: • Ex: the owner is John Doe, and he is employed by TravelRus, and he is a travel agent; • Are signed by a certification authority; • Are presented by the owner to gain certain rights • Are valid for a limited time period; • May be revoked for various reasons;

  9. request certificates granted request certificates denied Certificate-based Authorization Policy Alice server Eve

  10. request certificates granted request certificates Policy Policy denied Contract Enforcement • Idea: a client presents the policy embedding contract terms together with other credentials. server

  11. Certified Policies (CPs) • Are obtained by: • expressing contract terms in a formal, interpretable language; • certifying the contract terms, by signing them by an authority, trusted by the parties involved in the contract. • Advantages: • no need for composing a super policy, nor for establishing a dedicated server for each contract;

  12. The Elements of a Certified Policy • Id • Validity period • Revocation server • Version number • Repository • Initial control state • State server • Rules formalizing contract terms regarding access and control regulations

  13. Deployment of Certified Policies • Traditional certificates are maintained by repositories; • Similarly, an enterprise can: • Express the contracts it is involved in as certified policies; • Store certified policies on designated repositories, from where agents may retrieve them as needed.

  14. Contract Annulment and Revision • If a contract is annulled, the corresponding CP should be invalidated • CP invalidation may be modeled by certificate revocation; • If contract terms need to be revised this can be achieved simply by: • revoking the obsolete version of the corresponding CP, • deploying the new version of the CP on a repository

  15. System Architecture • Assumes the following trusted entities: • Repositories: provide persistent storage for CPs • Revocation servers: maintain and disseminate revocation information; • Application servers: • Each server has an associated policy engine, called observer; • Observers verify certificates and interpret and carry out the rules of a CP; • A server is trusted to serve only requests sanctioned by its associated observer. • State servers: maintain the current value of contract states.

  16. repository state server Enforcement of Certified Policies request, subject-certificate(s), CP revocation server application server observer

  17. back-end server Cluster-based Application Servers • Application servers often use cluster architectures in order to handle effectively high volume traffic. • Cluster-based servers consists of a dispatcher and several back-end servers; dispatcher back-end server back-end server

  18. Effective Assignment Policies for Cluster-based Servers • The problem: short waiting periods for clients. • A (first) solution: the TDA (Type Dependent Assignment) policy • In broad outline, under TDA: • A back-end server acts as state server for a set of CPs; • The dispatcher assigns: • a request governed by a stateful CP to the back-end server that maintains the state of the CP. • a request governed by a stateless CP to the least loaded back-end server.

  19. TDA’s Performance • Gauged by running a simulation study driven by empirical data: • compares TDA with Least-Connected policy; • performance metric used by the study is waiting time. • The simulation models: • 4 back-end servers • 100 contracts • uses a trace containing ~170,000 requests arriving over 200 second • considers that 80% of requests are governed by stateful contracts • TDA outperforms Least-Connected by a factor of 4!

  20. Conclusion • Policy management operations are easy to perform: • Deployment: simply store CPs on appropriate repositories. • Annulment: revoke the corresponding CP; • Update: revoke the previous version and deploy the new one • Easy to deploy: • Uses an infrastructure already in place • Requires no modifications to the infrastructure, and only minimal modifications to application servers; • Efficient enforcement.

  21. The papers discussing some of these topics appeared in: • IEEE Cluster, December 2003; • ACM Transactions on Internet Technologies, February 2005. • These papers can be found at: research.rutgers.edu/~ungurean/ Thanks!

  22. request certificates granted denied Certificate-based Authorization Policy Alice request certificates server Eve

  23. request certificates granted Policy Policy request certificates denied Contract Enforcement • Idea: a client presents the policy embedding contract terms together with other credentials. server

More Related